diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java')
| -rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java | 238 |
1 files changed, 238 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java new file mode 100644 index 000000000..e878f8ab1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -0,0 +1,238 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Map; +import java.util.Map.Entry; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.io.IOUtils; +import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Component("ReceiveConsentForAddtionalAttributesTask") +public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask { + + private static final int HashMap = 0; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + + //delete eID4U http Cookie with pendingRequestId + CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + + String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE); + if (MiscUtil.isEmpty(authCode)) { + Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... "); + throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null); + + } + Logger.trace("Find OAuth2 'code' with: " + authCode); + + /* + * access backend service with authCode + * + */ + String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL); + String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME); + String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD); + + if (MiscUtil.isEmpty(tokenServiceURL)) { + Logger.info("NO TokenService URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null); + + } + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + tokenServiceURL); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build request URL + URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); + uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, + authConfig.getBasicConfiguration( + eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, + OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)); + uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode); + Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build()); + + HttpGet httpGetToken = new HttpGet(uriBuilderToken.build()); + + HttpClientContext localContext = HttpClientContext.create(); + if (MiscUtil.isNotEmpty(tokenServiceUsername)) { + Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... "); + + //Raw work-around, because API solution does not work well + String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim(); + byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1)); + String authHeader = "Basic " + new String(encodedAuth); + httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //API solutuion +// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString()); +// AuthCache authCache = new BasicAuthCache(); +// authCache.put(targetHost, new BasicScheme()); +// +// CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); +// credentialsProvider.setCredentials(AuthScope.ANY, +// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim())); +// localContext.setCredentialsProvider(credentialsProvider); +// localContext.setAuthCache(authCache); + + } + + //request tokenService + HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext); + + Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() + + " from eID4U AP TokenService"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultToken.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultToken.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultToken.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8")); + throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null); + + } + + //parse AccessToken from TokenService response + JsonElement fullToken = new JsonParser().parse( + new InputStreamReader(httpResultToken.getEntity().getContent())); + Logger.trace("FullToken: " + fullToken.toString()); + String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString(); + + + //call Attribute Provider to receice eID4U attributes from TUG + String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL); + if (MiscUtil.isEmpty(attrProviderServiceURL)) { + Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null); + + } + + + URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL); + HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build()); + + //encode and add token as header + String authHeader = "Bearer " + accessToken; + httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //get and add bPK as header + httpGetData.setHeader( + "X-PVP-BPK", + pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class)); + + if (Logger.isTraceEnabled()) { + for (Header el : httpGetData.getAllHeaders()) + Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + //request Attribute Provider + HttpResponse httpResultData = httpClient.execute(httpGetData); + + //parse response + Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() + + " from eID4U Attr.Provider Service"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultData.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultData.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultData.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8")); + + throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null); + + } + + + //parse eID4U attributes from Attr.Provider service response + JsonElement fullAttrSet = new JsonParser().parse( + new InputStreamReader(httpResultData.getEntity().getContent())); + Logger.trace("FullAttrSet: " + fullAttrSet.toString()); + + //populate eID4U attributes + populateEid4uAttributes(fullAttrSet.getAsJsonObject()); + + //store pendingRequest + requestStoreage.storePendingRequest(pendingReq); + + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + + private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException { + try { + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject); + for (Entry<String, Object> el : eID4UAttributes.entrySet()) + session.setGenericDataToSession(el.getKey(), el.getValue()); + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT inject authentication data into user object.", e); + throw e; + } + + } + +} |